Date: Thu, 30 Jan 2020 00:51:38 +0100 From: "Julian H. Stacey" <jhs@berklix.com> To: freebsd-hackers@freebsd.org Cc: Gordon Bergling <gbergling@googlemail.com> Subject: Re: More secure permissions for /root and /etc/sysctl.conf Message-ID: <202001292351.00TNpcBP019156@fire.js.berklix.net> In-Reply-To: Your message "Wed, 29 Jan 2020 13:34:38 -0800." <202001292134.00TLYce8066112@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
"Rodney W. Grimes" wrote: > > Hi, > > > > I recently stumbled upon the default world readable permissons of /root and > > /etc/sysctl.conf. I think that it would be more secure to reduce the default > > permission for /root to 0700 and to 0600 for /etc/sysctl.conf. > > Those values are over kill, you really want to stop group wheel from > reading these? At most they should be 0750 and 0640, and even that > seems overboard. > > If your stroring highly secure stuff in /root your probably doing some > thing wrong anyway. > > This appears to be security through obscurity based conservatism with > no given attack vector of some form. > > Others have made good points as well. This also appears to be changing > a default that would lead to many people unchanging it simply so a few > that do change it can impose there defaults. > > > > > > I prepared a differtial for the proposed change: > > https://reviews.freebsd.org/D23392 > > > > What do you think? > > Bad idea? Agreed, too tight. Over tightening tempts local fast reflex loosening by installers, with risk of over loosening if in a rush. Cheers -- Julian Stacey, Consultant Systems Engineer, BSD Linux http://berklix.com/jhs/ UK stole 750,000 Brexit votes from Brits in EU + 3 M globaly. 170 states vote abroad. UK urged Brits in EU to foreign nationality http://stolenvotes.uk
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202001292351.00TNpcBP019156>